Assure we don't accidentally parse a valid-looking URL to url and cause long compute times.

Byron · Byron · commit 7497553e753d · 2023-10-02T10:32:38.000+02:00
The issue is that the `url` crate can be fooled by long URLs into parsing way-too-long hosts
inefficiently enough to allow DoS attacks by slowing it down.

Some predicate was implemented to detect such URLs before passing them to `url`, but unfortunately
a somewhat valid looking URL could be crafted to bypass that check and still run into the `url` parser,
which seemed to have no problem with the format of the URL.

Testing showed that this is a very special case, which is now handled as well. We hope that one day `url`
will handle this all by itself.
diff --git a/gix-url/src/parse.rs b/gix-url/src/parse.rs
@@ -85,7 +85,9 @@ pub(crate) fn find_scheme(input: &BStr) -> InputScheme {
 pub(crate) fn url(input: &BStr, protocol_end: usize) -> Result<crate::Url, Error> {
     const MAX_LEN: usize = 1024;
     let bytes_to_path = input[protocol_end + "://".len()..]
-        .find(b"/")
+        .iter()
+        .skip_while(|b| **b == b'/')
+        .position(|b| *b == b'/')
         .unwrap_or(input.len() - protocol_end);
     if bytes_to_path > MAX_LEN {
         return Err(Error::TooLong {
diff --git a/gix-url/tests/fixtures/fuzzed/very-long2.url b/gix-url/tests/fixtures/fuzzed/very-long2.url
diff --git a/gix-url/tests/parse/mod.rs b/gix-url/tests/parse/mod.rs
@@ -139,15 +139,17 @@ mod unknown {
 
 #[test]
 fn fuzzed() {
-    let base = Path::new("tests").join("fixtures").join("fuzzed");
-    let location = base.join(Path::new("very-long").with_extension("url"));
-    let url = std::fs::read(&location).unwrap();
-    let start = std::time::Instant::now();
-    gix_url::parse(url.as_bstr()).ok();
-    assert!(
-        start.elapsed() < Duration::from_millis(100),
-        "URL at '{}' parsed too slowly, took {:.00}s",
-        location.display(),
-        start.elapsed().as_secs_f32()
-    )
+    for name in ["very-long", "very-long2"] {
+        let base = Path::new("tests").join("fixtures").join("fuzzed");
+        let location = base.join(Path::new(name).with_extension("url"));
+        let url = std::fs::read(&location).unwrap();
+        let start = std::time::Instant::now();
+        gix_url::parse(url.as_bstr()).ok();
+        assert!(
+            start.elapsed() < Duration::from_millis(100),
+            "URL at '{}' parsed too slowly, took {:.00}s",
+            location.display(),
+            start.elapsed().as_secs_f32()
+        )
+    }
 }
